Get token from single u64

This commit is contained in:
vpl 2019-08-26 20:26:54 +02:00
parent ad2225b6e5
commit 591ae10144
2 changed files with 35 additions and 14 deletions

View File

@ -59,7 +59,7 @@ fn send_email_login(data: JsonUpcase<SendEmailLoginData>, conn: DbConn) -> Empty
let type_ = TwoFactorType::Email as i32; let type_ = TwoFactorType::Email as i32;
let mut twofactor = TwoFactor::find_by_user_and_type(&user.uuid, type_, &conn)?; let mut twofactor = TwoFactor::find_by_user_and_type(&user.uuid, type_, &conn)?;
let generated_token = generate_token(CONFIG.email_token_size()); let generated_token = generate_token(CONFIG.email_token_size())?;
let mut twofactor_data = EmailTokenData::from_json(&twofactor.data)?; let mut twofactor_data = EmailTokenData::from_json(&twofactor.data)?;
twofactor_data.set_token(generated_token); twofactor_data.set_token(generated_token);
twofactor.data = twofactor_data.to_json(); twofactor.data = twofactor_data.to_json();
@ -101,14 +101,20 @@ struct SendEmailData {
MasterPasswordHash: String, MasterPasswordHash: String,
} }
fn generate_token(token_size: u64) -> String {
crypto::get_random(vec![0; token_size as usize]) fn generate_token(token_size: u32) -> Result<String, Error> {
.iter() if token_size > 19 {
.map(|byte| { (byte % 10)}) err!("Generating token failed")
.map(|num| { }
char::from_digit(num as u32, 10).unwrap()
}) // 8 bytes to create an u64 for up to 19 token digits
.collect() let bytes = crypto::get_random(vec![0; 8]);
let mut bytes_array = [0u8; 8];
bytes_array.copy_from_slice(&bytes);
let number = u64::from_be_bytes(bytes_array) % 10u64.pow(token_size);
let token = format!("{:0size$}", number, size = token_size as usize);
Ok(token)
} }
/// Send a verification email to the specified email address to check whether it exists/belongs to user. /// Send a verification email to the specified email address to check whether it exists/belongs to user.
@ -131,7 +137,7 @@ fn send_email(data: JsonUpcase<SendEmailData>, headers: Headers, conn: DbConn) -
tf.delete(&conn)?; tf.delete(&conn)?;
} }
let generated_token = generate_token(CONFIG.email_token_size()); let generated_token = generate_token(CONFIG.email_token_size())?;
let twofactor_data = EmailTokenData::new(data.Email, generated_token); let twofactor_data = EmailTokenData::new(data.Email, generated_token);
// Uses EmailVerificationChallenge as type to show that it's not verified yet. // Uses EmailVerificationChallenge as type to show that it's not verified yet.
@ -321,8 +327,15 @@ mod tests {
#[test] #[test]
fn test_token() { fn test_token() {
let result = generate_token(100); let result = generate_token(19).unwrap();
assert_eq!(result.chars().count(), 100); assert_eq!(result.chars().count(), 19);
}
#[test]
fn test_token_too_large() {
let result = generate_token(20);
assert!(result.is_err(), "too large token should give an error");
} }
} }

View File

@ -322,8 +322,8 @@ make_config! {
email_2fa: _enable_email_2fa { email_2fa: _enable_email_2fa {
/// Enabled |> Disabling will prevent users from setting up new email 2FA and using existing email 2FA configured /// Enabled |> Disabling will prevent users from setting up new email 2FA and using existing email 2FA configured
_enable_email_2fa: bool, true, def, true; _enable_email_2fa: bool, true, def, true;
/// Token number length |> Length of the numbers in an email token /// Token number length |> Length of the numbers in an email token. Minimum of 6. Maximum is 19.
email_token_size: u64, true, def, 6; email_token_size: u32, true, def, 6;
/// Token expiration time |> Maximum time in seconds a token is valid. The time the user has to open email client and copy token. /// Token expiration time |> Maximum time in seconds a token is valid. The time the user has to open email client and copy token.
email_expiration_time: u64, true, def, 600; email_expiration_time: u64, true, def, 600;
/// Maximum attempts |> Maximum attempts before an email token is reset and a new email will need to be sent /// Maximum attempts |> Maximum attempts before an email token is reset and a new email will need to be sent
@ -378,6 +378,14 @@ fn validate_config(cfg: &ConfigItems) -> Result<(), Error> {
err!("Both `SMTP_USERNAME` and `SMTP_PASSWORD` need to be set to enable email authentication") err!("Both `SMTP_USERNAME` and `SMTP_PASSWORD` need to be set to enable email authentication")
} }
if cfg.email_token_size < 6 {
err!("`EMAIL_TOKEN_SIZE` has a minimum size of 6")
}
if cfg.email_token_size > 19 {
err!("`EMAIL_TOKEN_SIZE` has a maximum size of 19")
}
Ok(()) Ok(())
} }